Volo Protocol, a BTCFi and liquid staking project on the Sui network, has confirmed a security exploit that drained roughly $3.5 million from its vaults. The attack hit three specific products holding wrapped bitcoin (WBTC), gold‑backed XAUm, and USDC, while other vaults remained untouched.
Volo says that after noticing unusual on-chain activity, it found that an attacker had already transferred funds into newly created wallets. To contain the compromise, it promptly halted all Sui vaults, notified the Sui Foundation, and began collaborating with ecosystem partners. Volo says the approximately $28 million in total value locked remains safe in unaffected vaults.
So far, the protocol has not shared a full technical root cause, but it has confirmed that the exploit vector appears isolated to the three drained strategies. A detailed post‑mortem will follow once on-chain tracing and coordination with exchanges and bridges are finished.
Recovery Underway: 19.6 WBTC Frozen, But $3M Remains Unaccounted For
In a recovery update, Volo reported that it blocked the attacker from bridging out 19.6 WBTC following the initial drain. Those coins now sit under the control of cooperating platforms and will not move until investigators decide how to return them.
Altogether, the protocol says about $500,000 tied to the exploit has already been frozen across partners. That number could rise if more exchanges or bridge providers agree to freeze suspicious deposits or halt withdrawals linked to the attacker’s addresses.
However, roughly $3 million in value remains “in play,” and the outcome depends on where the hacker routed the remaining funds.
Analysts point out that “frozen” does not yet mean users have their assets back. Instead, it means the attacker cannot easily sell or transfer that portion while recovery discussions are underway.
Volo Promises to Absorb User Losses
Volo says it plans to fully cover user losses from the vault exploit to calm fears of a broader bank run. The team wrote that “Volo is prepared to absorb this loss” and does not intend to pass the hit on to depositors. It also plans to publish a clear remediation plan explaining how and when it will make affected users whole.
Despite these reassurances, the incident adds to a growing list of DeFi breaches on Sui, including earlier nine‑figure attacks on Cetus and other protocols that used complex vault logic and external libraries.